Freeradius Mysql Default Template - Download as Excel by khw12692

statement

statement__KEY  vendorstatements__FKEY  cvename        organization       lastmodified  contributor         statement
1               1                       CVE-1999-0997  Red Hat            2006-09-27    Joshua Bressers     Red Hat does not consider CVE-1999-0997 to be a securi
2               1                       CVE-1999-1572  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
3               1                       CVE-2000-0572  Razor              2007-02-22    Al Menendez         Subsequent releases of Razor address this issue and utili
4               1                       CVE-2000-1137  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
5               1                       CVE-2000-1199  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
6               1                       CVE-2001-0187  Red Hat            2006-09-27    Joshua Bressers     Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6
7               1                       CVE-2001-0935  Red Hat            2006-09-27    Joshua Bressers     CVE-2001-0935 refers to vulnerabilities found when SUSE
8               1                       CVE-2001-1507  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Op
9               1                       CVE-2001-1534  Red Hat            2006-08-30    Mark J Cox          This is not a security issue. The mod_usertrack cookies a
10              1                       CVE-2001-1556  Red Hat            2006-08-30    Mark J Cox          This is a duplicate CVE name and is a combination of CVE
11              1                       CVE-2002-0004  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
12              1                       CVE-2002-0497  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
13              1                       CVE-2002-1642  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Po
14              1                       CVE-2002-1648  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Sq
15              1                       CVE-2002-1649  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Sq
16              1                       CVE-2002-1650  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Sq
17              1                       CVE-2002-1850  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Ap
18              1                       CVE-2002-1903  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
19              1                       CVE-2002-2013  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of M
20              1                       CVE-2002-2043  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue only affects a third-party patch
21              1                       CVE-2002-2061  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of M
22              1                       CVE-2002-2067  EAST Technologies  2006-12-20    Alexandra Preda     This issue has been addressed in the latest version of our
23              1                       CVE-2002-2103  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Ap
24              1                       CVE-2002-2196  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of Samba as distribu
25              1                       CVE-2002-2204  Red Hat            2006-08-30    Mark J Cox          We do not believe this is a security vulnerability. This is th
26              1                       CVE-2002-2210  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the RPM packag
27              1                       CVE-2003-0131  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
28              1                       CVE-2003-0147  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
29              1                       CVE-2003-0367  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
30              1                       CVE-2003-0427  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
31              1                       CVE-2003-0543  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
32              1                       CVE-2003-0544  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
33              1                       CVE-2003-0545  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
34              1                       CVE-2003-0618  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
35              1                       CVE-2003-0860  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
36              1                       CVE-2003-0861  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
37              1                       CVE-2003-0885  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of Xscreensaver as d
38              1                       CVE-2003-1138  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue.
39              1                       CVE-2003-1307  Red Hat            2006-10-25    Mark J Cox          This is not a vulnerability. When PHP scripts are interpret
40              1                       CVE-2003-1308  Red Hat            2006-11-22    Mark J Cox          Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with
41              1                       CVE-2004-0079  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
42              1                       CVE-2004-0112  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
43              1                       CVE-2004-0174  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect Linux.
44              1                       CVE-2004-0175  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
45              1                       CVE-2004-0230  Red Hat            2006-08-16    Mark J Cox          The DHS advisory is a good source of background inform
46              1                       CVE-2004-0603  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
47              1                       CVE-2004-0687  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
48              1                       CVE-2004-0688  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
49              1                       CVE-2004-0806  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. cdrecord is not shipped setuid and does n
50              1                       CVE-2004-0811  Red Hat            2006-08-31    Mark J Cox          Not Vulnerable. This issue only affected Apache 2.0.51, w
51              1                       CVE-2004-0829  Red Hat            2006-08-30    Mark J Cox          We do not class this as a security issue; this can only cau
52              1                       CVE-2004-0914  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
53              1                       CVE-2004-0941  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
54              1                       CVE-2004-0967  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
55              1                       CVE-2004-0971  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
56              1                       CVE-2004-0975  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
57              1                       CVE-2004-0976  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
58              1                       CVE-2004-0996  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
59              1                       CVE-2004-1002  Red Hat            2006-08-30    Mark J Cox          This issue is only will only cause a denial of service on the
60              1                       CVE-2004-1051  Red Hat            2006-08-30    Mark J Cox          We do not consider this to be a security issue:http://bugzil
61              1                       CVE-2004-1170  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
62              1                       CVE-2004-1177  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of mailman shipped
63              1                       CVE-2004-1185  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
64              1                       CVE-2004-1186  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
65              1                       CVE-2004-1287  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
66              1                       CVE-2004-1296  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
67              1                       CVE-2004-1377  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
68              1                       CVE-2004-1392  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
69              1                       CVE-2004-1392  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
70              1                       CVE-2004-1717  Red Hat            2006-08-30    Mark J Cox          This CVE is a duplicate (rediscovery) of CVE-2002-0838
71              1                       CVE-2004-1808  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
72              1                       CVE-2004-1880  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. These issues did not affect the versions o
73              1                       CVE-2004-2300  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. We did not ship snmpd setuid root in Red
74              1                       CVE-2004-2343  Red Hat            2006-08-30    Mark J Cox          Red Hat does not consider this to be a security issue.
75              1                       CVE-2004-2546  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of S
76              1                       CVE-2004-2654  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue only affected 2.5 STABLE4 an
77              1                       CVE-2005-0085  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. These issues did not affect the versions o
78              1                       CVE-2005-0109  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
79              1                       CVE-2005-0256  Red Hat            2006-10-23    Mark J Cox          Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with
80              1                       CVE-2005-0373  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of Cy
81              1                       CVE-2005-0448  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it for Red Ha
82              1                       CVE-2005-0468  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
83              1                       CVE-2005-0469  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
84              1                       CVE-2005-0488  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
85              1                       CVE-2005-0602  Red Hat            2006-08-30    Mark J Cox          We do not consider this a security vulnerability; this is the
86              1                       CVE-2005-0605  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
87              1                       CVE-2005-0758  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
88              1                       CVE-2005-0953  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
89              1                       CVE-2005-0988  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
90              1                       CVE-2005-1038  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
91              1                       CVE-2005-1111  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
92              1                       CVE-2005-1119  Red Hat            2006-08-30    Mark J Cox          We do not consider this a security issue, the bug can only
93              1                       CVE-2005-1194  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
94              1                       CVE-2005-1228  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
95              1                       CVE-2005-1229  Red Hat            2006-08-30    Mark J Cox          This is defined and documented behaviour:http://bugzilla.r
96              1                       CVE-2005-1306  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. Adobe told us this issue did not affect the
97              1                       CVE-2005-1544  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the versions of lib
98              1                       CVE-2005-1704  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
99              1                       CVE-2005-1705  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
100             1                       CVE-2005-1751  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
101             1                       CVE-2005-1753  Red Hat            2006-08-30    Mark J Cox          We do not believe this is a security issue; this is a delibera
102             1                       CVE-2005-2069  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
103             1                       CVE-2005-2096  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
104             1                       CVE-2005-2475  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
105             1                       CVE-2005-2541  Red Hat            2006-08-30    Mark J Cox          This is the documented and expected behaviour of tar.
106             1                       CVE-2005-2547  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. These issues did not affect the version of
107             1                       CVE-2005-2642  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the Linux version
108             1                       CVE-2005-2666  Red Hat            2006-09-20    Joshua Bressers     Red Hat is aware of this issue and is tracking it via the foll
109             1                       CVE-2005-2693  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
110             1                       CVE-2005-2798  Red Hat            2006-11-20    Joshua Bressers     This issue does not affect Red Hat Enterprise Linux 2.1 an
111             1                       CVE-2005-2929  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
112             1                       CVE-2005-2946  Red Hat            2006-09-20    Joshua Bressers     Red Hat is aware of this issue and is tracking it via the foll
113             1                       CVE-2005-2959  Red Hat            2006-08-30    Mark J Cox          We do not consider this to be a security issue:http://bugzil
114             1                       CVE-2005-2968  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. These issues did not affect the versions o
115             1                       CVE-2005-2969  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
116             1                       CVE-2005-2975  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
117             1                       CVE-2005-2976  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
118             1                       CVE-2005-2991  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the ncompress p
119             1                       CVE-2005-3011  Red Hat            2007-03-14    Mark J Cox          Updated packages to correct this issue are available along
120             1                       CVE-2005-3054  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
121             1                       CVE-2005-3120  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
122             1                       CVE-2005-3183  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
123             1                       CVE-2005-3186  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
124             1                       CVE-2005-3191  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
125             1                       CVE-2005-3192  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
126             1                       CVE-2005-3193  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
127             1                       CVE-2005-3258  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. These issues do not affect the versions of
128             1                       CVE-2005-3391  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
129             1                       CVE-2005-3392  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
130             1                       CVE-2005-3582  Red Hat            2006-08-16    Mark J Cox          Not vulnerable. This issue is caused by the way ImageMa
131             1                       CVE-2005-3624  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
132             1                       CVE-2005-3625  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
133             1                       CVE-2005-3626  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
134             1                       CVE-2005-3627  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
135             1                       CVE-2005-3628  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
136             1                       CVE-2005-3964  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
137             1                       CVE-2005-4268  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
138             1                       CVE-2005-4348  Red Hat            2007-01-31    Mark J Cox          The Red Hat Security Response Team has rated this issu
139             1                       CVE-2005-4442  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of OpenLDAP as dis
140             1                       CVE-2005-4481  Polopoly           2006-10-05    Jorgen Rydenius     1. The XSS flaw described was only part of the custom im
141             1                       CVE-2005-4493  Speartek           2006-11-07    Jesse Heady         We are aware of numerous existing script vulnerabilities a
142             1                       CVE-2005-4636  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of OpenOffice.org as
143             1                       CVE-2005-4667  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
144             1                       CVE-2005-4745  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the FreeRADIUS
145             1                       CVE-2005-4746  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue did not affect the FreeRADIUS
146             1                       CVE-2005-4784  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the Linux glibc.
147             1                       CVE-2005-4807  Red Hat            2006-08-24    Mark J Cox          gas (and gcc) make no promise that they are fault toleran
148             1                       CVE-2005-4808  Red Hat            2006-08-24    Mark J Cox          gas (and gcc) make no promise that they are fault toleran
149             1                       CVE-2006-0043  Red Hat            2006-08-30    Mark J Cox          This issue did not affect Red Hat Enterprise Linux 2.1, 3, o
150             1                       CVE-2006-0225  Red Hat            2006-09-20    Joshua Bressers     Red Hat is aware of this issue and is tracking it via the foll
151             1                       CVE-2006-0236  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. We verified that this issue does not affect
152             1                       CVE-2006-0321  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of Fetchmail as distr
153             1                       CVE-2006-0405  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of libtiff as distributed
154             1                       CVE-2006-0454  Red Hat            2006-09-17    Mark J Cox          Not vulnerable. This vulnerability was introduced into the
155             1                       CVE-2006-0459  Red Hat            2006-08-16    Mark J Cox          This issue only affects parsers which are generated by gra
156             1                       CVE-2006-0512  Mandriva           2006-10-04    Vincent Danen       Mandriva has patched the migrationtools since August 20
157             1                       CVE-2006-0553  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of PostgreSQL as di
158             1                       CVE-2006-0576  Red Hat            2006-09-20    Joshua Bressers     Red Hat is aware of this issue and is tracking it via the foll
159             1                       CVE-2006-0670  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
160             1                       CVE-2006-0730  Red Hat            2006-08-16    Mark J Cox          This issue only affected Dovecot versions 1.0beta1 and 1.
161             1                       CVE-2006-0743  Red Hat            2006-11-22    Mark J Cox          Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do
162             1                       CVE-2006-0883  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of OpenSSH as distr
163             1                       CVE-2006-0903  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
164             1                       CVE-2006-1014  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
165             1                       CVE-2006-1015  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
166             1                       CVE-2006-1050  Kwik-Pay           2007-02-19    Alastair Robertson  The kwikpay.mdb file supplied with kwikpay is a template
167             1                       CVE-2006-1057  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
168             1                       CVE-2006-1058  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
169             1                       CVE-2006-1095  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of mod_python as di
170             1                       CVE-2006-1168  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
171             1                       CVE-2006-1174  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
172             1                       CVE-2006-1251  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. greylistclean.cron is not supplied in the ex
173             1                       CVE-2006-1372  Benson Solutions   2007-01-03    Greg Benson         WebCalendar v4 has been updated to include fixes that fi
174             1                       CVE-2006-1494  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of OpenSSH as distr
175             1                       CVE-2006-1542  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
176             1                       CVE-2006-1608  Red Hat            2006-08-30    Mark J Cox          We do not consider these to be security issues:http://bugz
177             1                       CVE-2006-1624  Mandriva           2006-07-20    Vincent Danen       Mandriva does not enable the -r option in syslogd per defa
178             1                       CVE-2006-1624  Red Hat            2006-12-06    Joshua Bressers     Red Hat does not consider this to be a security issue. Ena
179             1                       CVE-2006-2073  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
180             1                       CVE-2006-2083  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue does not affect the versions of
181             1                       CVE-2006-2193  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
182             1                       CVE-2006-2194  Red Hat            2006-08-16    Mark J Cox          Not vulnerable. The winbind plugin is not shipped with Re
183             1                       CVE-2006-2369  Red Hat            2006-08-16    Mark J Cox          This issue only affected version 4.1.1 and not the versions
184             1                       CVE-2006-2414  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue does not affect the versions of
185             1                       CVE-2006-2440  Red Hat            2006-09-19    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
186             1                       CVE-2006-2450  Red Hat            2006-08-24    Mark J Cox          Not vulnerable. This issue does not affect the versions of
187             1                       CVE-2006-2502  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue does not affect the versions of
188             1                       CVE-2006-2563  Red Hat            2006-09-20    Mark J Cox          We do not consider these to be security issues. For more
189             1                       CVE-2006-2607  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
190             1                       CVE-2006-2656  Red Hat            2007-03-14    Mark J Cox          Red Hat is aware of this issue and is tracking it via the foll
191             1                       CVE-2006-2660  Red Hat            2006-08-30    Mark J Cox          This is not an issue that affects users of Red Hat Enterpris
192             1                       CVE-2006-2754  Red Hat            2006-08-16    Mark J Cox          This issue is not exploitable as the status file is only writte
193             1                       CVE-2006-2789  Red Hat            2006-08-30    Mark J Cox          Not vulnerable. This issue does not affect the versions of
194             1                       CVE-2006-2906  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
195             1                       CVE-2006-2916  Red Hat            2006-08-16    Mark J Cox          Not vulnerable. We do not ship aRts as setuid root on Re
196             1                       CVE-2006-2937  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
197             1                       CVE-2006-2940  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
198             1                       CVE-2006-3005  Red Hat            2006-08-24    Mark J Cox          Red Hat does not consider this a security issue. It is expe
199             1                       CVE-2006-3011  Red Hat            2006-09-20    Mark J Cox          We do not consider these to be security issues. For more
200             1                       CVE-2006-3018  Red Hat            2006-09-20    Mark J Cox          Unknown: CVE-2006-3018 has been assigned to an issue
201             1                       CVE-2006-3083  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
202             1                       CVE-2006-3093  Red Hat            2006-08-16    Mark J Cox          Not vulnerable. Adobe told us that this issue does not affe
203             1                       CVE-2006-3145  Red Hat            2006-08-30    Mark J Cox          This issue did not affect the versions of NetPBM distribute
204             1                       CVE-2006-3174  Red Hat            2006-08-30    Mark J Cox          This issue has not been able to be reproduced by upstrea
205             1                       CVE-2006-3334  Red Hat            2006-08-16    Mark J Cox          On Red Hat Enterprise Linux 2.1, 3, and 4 this is a two-by
206             1                       CVE-2006-3376  Red Hat            2007-03-14    Mark J Cox          Red Hat Enterprise Linux 5 is not vulnerable to this issue a
207             1                       CVE-2006-3378  Red Hat            2006-08-16    Mark J Cox          This issue affects the version of the passwd command fro
208   1            Red
          CVE-2006-3459Hat 2007-03-14Mark J CoxRed Hat Enterprise Linux 5 is not vulnerable to this issue a
209   1            Red
          CVE-2006-3460Hat 2007-03-14Mark J CoxRed Hat Enterprise Linux 5 is not vulnerable to this issue a
210   1            Red
          CVE-2006-3461Hat 2007-03-14Mark J CoxRed Hat Enterprise Linux 5 is not vulnerable to this issue a
211   1   CVE-2006-3462  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
212   1   CVE-2006-3463  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
213   1   CVE-2006-3464  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
214   1   CVE-2006-3465  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
215   1   CVE-2006-3467  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
216   1   CVE-2006-3469  Red Hat            2006-09-19  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
217   1   CVE-2006-3486  Red Hat            2006-07-19  Mark J Cox           We do not consider this issue to have security implications
218   1   CVE-2006-3587  Red Hat            2006-08-16  Mark J Cox           Adobe gave a statement that these issues do not affect th
219   1   CVE-2006-3588  Red Hat            2006-08-16  Mark J Cox           Adobe gave a statement that these issues do not affect th
220   1   CVE-2006-3619  Red Hat            2006-09-19  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
221   1   CVE-2006-3626  Red Hat            2006-07-19  Mark J Cox           This vulnerability does not affect Red Hat Enterprise Linux
222   1   CVE-2006-3672  Red Hat            2006-08-30  Mark J Cox           We do not consider a crash of a client application such as
223   1   CVE-2006-3731  Red Hat            2006-08-30  Mark J Cox           We do not consider a user-assisted crash of a client appli
224   1   CVE-2006-3738  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
225   1   CVE-2006-3742  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
226   1   CVE-2006-3743  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
227   1   CVE-2006-3744  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
228   1   CVE-2006-3747  Red Hat            2006-07-31  Mark J Cox           The ability to exploit this issue is dependent on the stack l
229   1   CVE-2006-3835  Red Hat            2006-08-24  Mark J Cox           This issue is not a security issue in Tomcat itself, but is ca
230   1   CVE-2006-3879  Red Hat            2006-08-16  Mark J Cox           This issue does not affect versions of Mikmod 3.2.0-beta2
231   1   CVE-2006-4031  Red Hat            2006-09-19  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
232   1   CVE-2006-4095  Red Hat            2006-09-06  Mark J Cox           Not Vulnerable. The version of BIND that ships with Red
233   1   CVE-2006-4096  Red Hat            2006-09-08  Mark J Cox           Not Vulnerable. This issue was found and fixed as part of
234   1   CVE-2006-4124  Red Hat            2006-08-16  Mark J Cox           LessTif is shipped with Red Hat Enterprise Linux 2.1 but n
235   1   CVE-2006-4144  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
236   1   CVE-2006-4146  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
237   1   CVE-2006-4181  Red Hat            2006-12-04  Joshua Bressers      Not Vulnerable. Red Hat does not ship GNU Radius in Re
238   1   CVE-2006-4192  Red Hat            2007-01-26  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
239   1   CVE-2006-4206  ASPPlayground.NET  2006-12-20  Samuel Chou          The issue has been fixed in the latest round of patch relea
240   1   CVE-2006-4226  Red Hat            2006-09-19  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
241   1   CVE-2006-4227  Red Hat            2006-08-24  Mark J Cox           Not vulnerable. These issues do not affect the versions o
242   1   CVE-2006-4262  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
243   1   CVE-2006-4310  Red Hat            2006-09-21  Joshua Bressers      Red Hat does not consider this flaw a security issue. This
244   1   CVE-2006-4334  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
245   1   CVE-2006-4335  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
246   1   CVE-2006-4336  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
247   1   CVE-2006-4337  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
248   1   CVE-2006-4338  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
249   1   CVE-2006-4339  Red Hat            2007-03-14  Mark J Cox           Vulnerable. This issue affects OpenSSL and OpenSSL co
250   1   CVE-2006-4343  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
251   1   CVE-2006-4434  Red Hat            2006-08-30  Mark J Cox           This flaw causes a crash but does not result in a denial of
252   1   CVE-2006-4447  Red Hat            2006-09-12  Mark J Cox           Not Vulnerable. This issue does not exist in Red Hat Ente
253   1   CVE-2006-4481  Red Hat            2006-09-20  Mark J Cox           We do not consider these to be security issues. For more
254   1   CVE-2006-4513  Red Hat            2007-02-09  Mark J Cox           Not vulnerable. This issue did not affect versions of wvW
255   1   CVE-2006-4514  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
256   1   CVE-2006-4572  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
257   1   CVE-2006-4600  Red Hat            2006-09-20  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
258   1   CVE-2006-4623  Red Hat            2006-09-21  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
259   1   CVE-2006-4624  Red Hat            2006-09-19  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll


260   1   CVE-2006-4625  Red Hat            2006-09-20  Mark J Cox           We do not consider these to be security issues. For more
261   1   CVE-2006-4759  PunBB              2006-09-28  Rickard Andersson    PunBB 1.2.13 has been released to fix this vulnerability. T
262   1   CVE-2006-4790  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
263   1   CVE-2006-4806  Red Hat            2006-11-22  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do
264   1   CVE-2006-4807  Red Hat            2006-11-22  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do
265   1   CVE-2006-4808  Red Hat            2006-11-22  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do
266   1   CVE-2006-4809  Red Hat            2006-11-22  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do
267   1   CVE-2006-4810  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
268   1   CVE-2006-4811  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
269   1   CVE-2006-4812  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
270   1   CVE-2006-4814  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
271   1   CVE-2006-4842  Red Hat            2007-01-11  Mark J Cox           This issue also affects other OS that use NSPR. Howeve
272   1   CVE-2006-4924  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
273   1   CVE-2006-4925  Red Hat            2006-10-31  Joshua Bressers      Red Hat does not consider this flaw a security issue. This
274   1   CVE-2006-4980  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
275   1   CVE-2006-5051  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
276   1   CVE-2006-5052  Red Hat            2006-10-31  Joshua Bressers      Not Vulnerable. After extensive research and numerous u
277   1   CVE-2006-5158  Red Hat            2006-10-16  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
278   1   CVE-2006-5159  Red Hat            2006-10-16  Joshua Bressers      Red Hat does not consider this issue to be a security vuln
279   1   CVE-2006-5160  Red Hat            2006-10-16  Joshua Bressers      Red Hat does not consider this issue to be a security vuln
280   1   CVE-2006-5173  Red Hat            2006-11-03  Joshua Bressers      Not Vulnerable. This flaw only affects kernel versions 2.6
281   1   CVE-2006-5178  Red Hat            2006-12-04  Joshua Bressers      We do not consider these to be security issues. For more
282   1   CVE-2006-5214  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
283   1   CVE-2006-5215  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
284   1   CVE-2006-5229  Red Hat            2006-10-11  Joshua Bressers      Red Hat has been unable to reproduce this flaw and belie
285   1   CVE-2006-5297  Red Hat            2007-03-14  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
286   1   CVE-2006-5298  Red Hat            2007-03-14  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
287   1   CVE-2006-5397  Red Hat            2007-03-14  Mark J Cox           Not vulnerable. These issues did not affect the versions o
288   1   CVE-2006-5456  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
289   1   CVE-2006-5465  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
290   1   CVE-2006-5466  Red Hat            2007-03-14  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
291   1   CVE-2006-5467  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
292   1   CVE-2006-5619  Red Hat            2006-11-07  Joshua Bressers      Red Hat is aware of this issue and are tracking it via bug 2
293   1   CVE-2006-5621  Rave               2006-12-12  Peter Graham         Ask_rave 0.9b has been released for immediate download
294   1   CVE-2006-5633  Red Hat            2006-11-07  Joshua Bressers      Red Hat does not consider a user-assisted crash of a clie
295   1   CVE-2006-5701  Red Hat            2007-03-14  Joshua Bressers      Not Vulnerable. The squashfs module is not distributed a
296   1   CVE-2006-5706  Red Hat            2006-11-10  Mark J Cox           We do not consider these to be security issues. For more
297   1   CVE-2006-5749  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
298   1   CVE-2006-5751  Red Hat            2006-12-12  Joshua Bressers      This flaw does not affect the Linux kernel shipped with Re
299   1   CVE-2006-5753  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
300   1   CVE-2006-5757  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
301   1   CVE-2006-5767  Drake CMS          2006-12-20  Daniele C.           The Drake Team has published an apposite news about t
302   1   CVE-2006-5779  Red Hat            2007-03-14  Joshua Bressers      Not Vulnerable. The OpenLDAP versions shipped with Re
303   1   CVE-2006-5794  Red Hat            2007-03-14  Joshua Bressers      Red Hat is aware of this issue and is tracking it via bug 21
304   1   CVE-2006-5823  Red Hat            2007-03-14  Joshua Bressers      The CVE-2006-5823 is about a corrupted cramfs (MOKB-
305   1   CVE-2006-5840  abarcar Software   2006-12-20  Helmut Fleischhauer  The version 5.1.5 of the abarcar Realty Portal has been d
306   1   CVE-2006-5864  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
307   1   CVE-2006-5868  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
308   1   CVE-2006-5870  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
309   1   CVE-2006-5876  Red Hat            2007-03-14  Mark J Cox           Not vulnerable. The vulnerable code is not used by any ap
310   1   CVE-2006-5969  Red Hat            2006-11-22  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with
311   1   CVE-2006-5974  Red Hat            2007-01-11  Mark J Cox           Not vulnerable. This issue does not affect the versions of


312   1   CVE-2006-5989  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
313   1   CVE-2006-6015  Red Hat            2006-12-04  Joshua Bressers      Red Hat does not consider unexploitable client application
314   1   CVE-2006-6027  Red Hat            2006-11-23  Mark J Cox           Not vulnerable. This issue did not affect Linux versions of
315   1   CVE-2006-6053  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
316   1   CVE-2006-6054  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
317   1   CVE-2006-6056  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
318   1   CVE-2006-6057  Red Hat            2007-03-14  Joshua Bressers      Not Vulnerable. The kernel as shipped with Red Hat Ente
319   1   CVE-2006-6097  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
320   1   CVE-2006-6101  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
321   1   CVE-2006-6102  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
322   1   CVE-2006-6103  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
323   1   CVE-2006-6105  Red Hat            2007-03-14  Mark J Cox           Not vulnerable. This flaw was first introduced in gdm vers
324   1   CVE-2006-6106  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it for Red Ha
325   1   CVE-2006-6107  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
326   1   CVE-2006-6142  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
327   1   CVE-2006-6143  Red Hat            2007-03-14  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 shi
328   1   CVE-2006-6144  Mandriva           2007-01-19  Vincent Danen        Not vulnerable. Mandriva 2007.0 and earlier ship with Ker
329   1   CVE-2006-6144  Red Hat            2007-03-14  Mark J Cox           Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 shi
330   1   CVE-2006-6169  Red Hat            2007-03-14  Joshua Bressers      Red Hat does not consider this bug to be a security flaw.
331   1   CVE-2006-6235  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
332   1   CVE-2006-6236  Red Hat            2006-12-19  Mark J Cox           Not vulnerable. This issue does not affect the Linux versio
333   1   CVE-2006-6297  Red Hat            2006-12-19  Mark J Cox           We do not consider a crash of a client application such as
334   1   CVE-2006-6303  Red Hat            2007-03-14  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
335   1   CVE-2006-6305  Red Hat            2007-03-14  Joshua Bressers      Not vulnerable. This issue does not affect the versions of
336   1   CVE-2006-6383  Red Hat            2006-12-19  Mark J Cox           We do not consider these to be security issues. For more
337   1   CVE-2006-6385  Red Hat            2006-12-08  Joshua Bressers      Not Vulnerable. eEye Research advisory AD20061207 (Int
338   1   CVE-2006-6493  Red Hat            2006-12-19  Mark J Cox           Not vulnerable. OpenLDAP as shipped with Red Hat Ente
339   1   CVE-2006-6628  Red Hat            2007-01-15  Joshua Bressers      Red Hat does not consider this flaw a security issue. This
340   1   CVE-2006-6660  Red Hat            2007-02-02  Mark J Cox           Not vulnerable. This issue did not affect the versions of KD
341   1   CVE-2006-6698  Red Hat            2007-01-11  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
342   1   CVE-2006-6719  Red Hat            2007-03-14  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
343   1   CVE-2006-6772  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
344   1   CVE-2006-6811  Red Hat            2007-01-18  Mark J Cox           We do not consider a crash of a client application such as
345   1   CVE-2006-6939  Red Hat            2007-01-18  Mark J Cox           Red Hat is aware of this issue and is tracking it via the foll
346   1   CVE-2006-7051  Red Hat            2007-03-14  Mark J Cox           This issue can only be exploited if pending signals (ulimit -
347   1   CVE-2006-7098  Red Hat            2007-03-05  Mark J Cox           Not vulnerable. This issue was specific to a Debian patch
348   1   CVE-2006-7108  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
349   1   CVE-2006-7139  Red Hat            2007-03-08  Mark J Cox           Not vulnerable. Our testing found that this issue did not af
350   1   CVE-2007-0003  Red Hat            2007-01-24  Mark J Cox           Not vulnerable. These issues did not affect the versions o
351   1   CVE-2007-0010  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
352   1   CVE-2007-0059  Apple              2007-03-19  Ron Dumont           This issue is addressed in QuickTime 7.1.5, which was re
353   1   CVE-2007-0080  Red Hat            2007-01-05  Mark J Cox           Not vulnerable. The affected code is in an optional modul
354   1   CVE-2007-0086  Red Hat            2007-01-11  Mark J Cox           Red Hat does not consider this issue to be a security vuln
355   1   CVE-2007-0104  Red Hat            2007-01-15  Joshua Bressers      Not Vulnerable. This flaw is the result of an infinite recurs
356   1   CVE-2007-0120  Acunetix Limited   2007-01-31  Kevin J. Vella       Information about HTTP Sniffer: The HTTP Sniffer is an in
357   1   CVE-2007-0157  Red Hat            2007-01-15  Mark J Cox           Not vulnerable. This issue does not affect the older versio
358   1   CVE-2007-0227  Mandriva           2007-01-19  Vincent Danen        Not vulnerable. This issue does not affect the versions of
359   1   CVE-2007-0227  Red Hat            2007-01-18  Mark J Cox           Not vulnerable. This issue did not affect the versions of slo
360   1   CVE-2007-0235  Red Hat            2007-03-14  Joshua Bressers      Not vulnerable. This issue did not affect the versions of lib
361   1   CVE-2007-0247  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
362   1   CVE-2007-0248  Red Hat            2007-03-14  Mark J Cox           Red Hat Enterprise Linux 5 is not vulnerable to this issue a
363   1   CVE-2007-0453  Red Hat            2007-02-13  Mark J Cox           Not vulnerable. These issues did not affect the Linux vers


364   1   CVE-2007-0454  Red Hat            2007-02-13  Mark J Cox           Not vulnerable. These issues affect the AFS ACL module
365   1   CVE-2007-0493  Red Hat            2007-01-29  Joshua Bressers      Not vulnerable. This issue did not affect the versions of IS
366   1   CVE-2007-0537  Red Hat            2007-02-15  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
367   1   CVE-2007-0650  Red Hat            2007-02-13  Mark J Cox           Red Hat does not consider this issue to be a security vuln
368   1   CVE-2007-0770  Red Hat            2007-02-14  Mark J Cox           Not vulnerable. Red Hat did not ship the incomplete patch
369   1   CVE-2007-0822  Red Hat            2007-02-09  Mark J Cox           Red Hat does not consider this issue to be a security vuln
370   1   CVE-2007-0823  Red Hat            2007-02-09  Mark J Cox           Red Hat does not consider this issue to be a security vuln
371   1   CVE-2007-0879  SmidgeonSoft       2007-02-19  Russell Osterlund    Unusually large strings would crash the display. The bug
372   1   CVE-2007-0911  Red Hat            2007-02-16  Mark J Cox           Not vulnerable. This flaw is a regression of the fix for CVE
373   1   CVE-2007-1396  Red Hat            2007-03-19  Mark J Cox           Red Hat does not consider this to be a security vulnerabili
374   1   CVE-2007-1401  Red Hat            2007-03-19  Mark J Cox           Not vulnerable. PHP as shipped with Red Hat Enterprise L
375   1   CVE-2007-1411  Red Hat            2007-03-19  Mark J Cox           Not vulnerable. PHP as shipped with Red Hat Enterprise L
376   1   CVE-2007-1412  Red Hat            2007-03-19  Mark J Cox           Not vulnerable. PHP as shipped with Red Hat Enterprise L
377   1   CVE-2007-1413  Red Hat            2007-03-19  Mark J Cox           Not vulnerable. The php-snmp package as shipped with R
378   1   CVE-2007-1420  Red Hat            2007-03-23  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll
379   1   CVE-2007-1564  Red Hat            2007-03-23  Joshua Bressers      Red Hat is aware of this issue and is tracking it via the foll





nsider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external c
  nux 5 is not vulnerable to this issue as it contains a backported patch.
   of Razor address this issue and utilize a more robust encryption mechanism for the Razor password. If you are under maintenance, you hav
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue.
  s to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd u
 ssue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 issue. The mod_usertrack cookies are not designed to be used for authentication.
VE name and is a combination of CVE-2003-0020 and CVE-2003-0083.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 ssue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 ssue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
 ssue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
 ssue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
 ssue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162899The Red Hat Security Response
 ssue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 ssue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 ssue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
addressed in the latest version of our product, East-Tec Eraser 2007 and you may download it from http://www.east-tec.com
 ssue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
ect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 s is a security vulnerability. This is the documented and expected behaviour of rpm.
 issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=114923The Red Hat Security Response
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
ect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue.
  ility. When PHP scripts are interpreted using the dynamically loaded mod_php DSO, the PHP interpreter executes with the privileges of the
Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 issue did not affect Linux.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 a good source of background information about theissue: http://www.us-cert.gov/cas/techalerts/TA04-111A.htmlIt is important to note that th
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
cord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages.
   issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux.
as a security issue; this can only cause a denial of service for the attacker.


  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  only cause a denial of service on the connection the attacker is using. It therefore is not a security issue.
his to be a security issue:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
  nux 5 is not vulnerable to this issue as it contains a backported patch.
ect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x v
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
  te (rediscovery) of CVE-2002-0838
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=157663The Red Hat Security Response
e issues did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 id not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4.
nsider this to be a security issue.
 issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 3, or 4. Red Hat Enterprise Linux 2.1 shipped with a
 issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Ent
e issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.http://bugzilla.redhat.com/bugzilla/show_bu
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that a
 ssue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it for Red Hat Enterprise Linux 2.1 via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=16105
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his a security vulnerability; this is the expected behaviour.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
ocumented behaviour:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156313
be told us this issue did not affect the Linux version of Adobe Reader.
 ssue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158995The Red Hat Security Response
 s is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.


 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164927The Red Hat Security Response
 ed and expected behaviour of tar.
 e issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4.
 issue did not affect the Linux versions of Mutt.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 ffect Red Hat Enterprise Linux 2.1 and 3.This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527:http://rhn.redhat.com/e
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169803The Red Hat Security Response
 his to be a security issue:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
 e issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
  correct this issue are available along with our advisory:http://rhn.redhat.com/errata/CVE-2005-3011.htmlRed Hat Enterprise Linux 5 is not v
 hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170518The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 e issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
 hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
 issue is caused by the way ImageMagick was packaged by Gentoo and does not affect Red Hat Enterprise Linux packages.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172865The Red Hat Security Response
y Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this iss
ect the versions of OpenLDAP as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
cribed was only part of the custom implementation of the http://www.polopoly.com/ site. It was never part of any version of any Polopoly produ
merous existing script vulnerabilities and exploits and stand by the security of our system and our ability to address these. This particular exp
ect the versions of OpenOffice.org as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960The Red Hat Security Response
 issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
ect the Linux glibc.
no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct the
no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct the
ect Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
verified that this issue does not affect Linux versions of Thunderbird.
ect the versions of Fetchmail as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
ect the versions of libtiff as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or
 s parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has




d the migrationtools since August 2005 to use mktemp so is not vulnerable to this issue.
ect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug for Red Hat Enterprise Linux 3https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347T
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187945The Red Hat Security Response
 ed Dovecot versions 1.0beta1 and 1.0beta2. Red Hat Enterprise Linux 4 shipped with an earlier version of Dovecot and is therefore not vuln
Hat Enterprise Linux 2.1, 3, and 4 do not include log4net.
ect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 and 3:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
  supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302The Red Hat Security Response
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385The Red Hat Security Response
ect the versions of mod_python as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053The Red Hat Security Response
 istclean.cron is not supplied in the exim packages as distributed with Red Hat Enterprise Linux.
  been updated to include fixes that filter the url numeric and date variables in question and prevent non-numeric and non-date values from be
ect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187900The Red Hat Security Response
hese to be security issues:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
nable the -r option in syslogd per default, which prevents syslogd from listening for remote events. The -x option is also described in /etc/sysc
nsider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconf
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192The Red Hat Security Response
 issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194362The Red Hat Security Response
winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 ed version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278The Red Hat Security Response
 issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux.
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193166The Red Hat Security Response
hat affects users of Red Hat Enterprise Linux. http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196255
oitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise
 issue does not affect the versions of Evolution as distributed with Red Hat Enterprise Linux.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
nsider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
 -3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CV
  nux 5 is not vulnerable to this issue as it contains a backported patch.
be told us that this issue does not affect the Linux versions of Adobe Acrobat Reader.
ect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
 en able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability.
  e Linux 2.1, 3, and 4 this is a two-byte overflow into the middle of the stack and is not exploitable.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue.




  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826The Red Hat Security Response
his issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to corr
 ent that these issues do not affect the Linux versions of Macromedia Flash Player.
 ent that these issues do not affect the Linux versions of Macromedia Flash Player.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198912The Red Hat Security Response
s not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels.The exploit relies on the kernel supporting the a.out binary fo
   crash of a client application such as Konqueror to be a security issue.
   user-assisted crash of a client application such as Firefox to be a security issue.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack im
curity issue in Tomcat itself, but is caused when directory listings are enabled.Details on how to disable directory listings are available at: http
 ffect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on vers
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202246The Red Hat Security Response
 version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records.
  issue was found and fixed as part of Red Hat Enterprise Linux 4 update 4:http://rhn.redhat.com/errata/RHBA-2006-0288.htmland Red Hat E
 h Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE envir
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841The Red Hat Security Response
 Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.
his issue and is tracking it via the following bug for Red Hat Enterprise Linux 3 and 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2
 xed in the latest round of patch released on Oct 15, 2006.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426The Red Hat Security Response
 e issues do not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645The Red Hat Security Response
nsider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client cra
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595The Red Hat Security Respons
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595The Red Hat Security Respons
his issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595The Red Hat Security Respons
  e affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory are av
  nux 5 is not vulnerable to this issue as it contains a backported patch.
ash but does not result in a denial of service against Sendmail and is therefore not a security issue.
  ssue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue is not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of thi
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
 issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826The Red Hat Security Response
his issue and is tracking it via the following bug for Red Hat Enterprise Linux 4:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204912T
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651The Red Hat Security Response




hese to be security issues. For more details seehttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
 en released to fix this vulnerability. The updated version is available at http://punbb.org/downloads.php.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
s other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulne
  nux 5 is not vulnerable to this issue as it contains a backported patch.
nsider this flaw a security issue. This flaw can cause an OpenSSH client to crash when connecting to a malicious server, which does not resu
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
   extensive research and numerous upstream queries regarding this issue, Red Hat does not believe it exists.There is no evidence to sugges
his issue and is tracking it via the following bug for Red Hat Enterprise Linux 4:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210128T
nsider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this
nsider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this
  flaw only affects kernel versions 2.6.14 to 2.6.18. Red Hat Enterprise Linux 2.1, 3, and 4 does not ship with a vulnerable kernel version.
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 able to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing up
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085The Red Hat Security Response
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085The Red Hat Security Response
e issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.Red Hat Enterprise Linux 5 is not vulnerab
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213515The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
his issue and are tracking it via bug 213214 for Red Hat Enterprise Linux 4:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213214This
een released for immediate download and versions 0.9PR and below have been rendered obsolete. All users using versions 0.9PR and prior
nsider a user-assisted crash of a client application such as Firefox to be a security issue.
 squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 ect the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3.This flaw affects the Linux kernel shipped with Red Hat Enterprise Linux
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  published an apposite news about the vulnerability: http://sourceforge.net/forum/forum.php?forum_id=636860.It is important to specify that t
 OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise
his issue and is tracking it via bug 214640: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214640 for Red Hat Enterprise Linux 3 and 4.
 is about a corrupted cramfs (MOKB-07-11-2006) that can cause a memory corruption and so crash the machine. For Red Hat Enterprise Linu
 he abarcar Realty Portal has been discontinued 2003. The version 6.xx has been discontinued beginning 2006. A fix for above versions has b
his issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1. This issue did not affect Red Hat Enterprise Linux 3 or 4.ht
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 ulnerable code is not used by any application linked with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4. Red Hat Enterprise Lin
Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
 issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.




  nux 5 is not vulnerable to this issue as it contains a backported patch.
nsider unexploitable client application crashes to be security flaws. This bug causes a stack recursion crash which is not exploitable.
 issue did not affect Linux versions of Adobe Reader.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 do not contain gfs2 filesystem support.Red Hat Enterprise Linux 5 is not vulne
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Ent
his issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602T
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.R
 riva 2007.0 and earlier ship with Kerberos 5 version 1.4.x and as a result are not vulnerable to these issues.
Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.R
nsider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuP
  nux 5 is not vulnerable to this issue as it contains a backported patch.
 issue does not affect the Linux version of Adobe Reader.
   crash of a client application such as Konqueror or other KFile users to be a security issue.
his issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287The Red Hat Security Respons
ssue does not affect the versions of net-smtp as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.Red Hat Enterprise Linux 5 is not vulnera
hese to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1and http://www.php.net/secu
 Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the
 LDAP as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not support the LDAP_AUTH_KRBV41 authentication method.
nsider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution.
ssue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
his issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219279The Red Hat Security Respons
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221459The Red Hat Security Response
  nux 5 is not vulnerable to this issue as it contains a backported patch.
   crash of a client application such as KsIRC to be a security issue.
his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072The Red Hat Security Response
e exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and
ssue was specific to a Debian patch to Apache HTTP Server.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
esting found that this issue did not affect the versions of Kmail as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
e issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
ed in QuickTime 7.1.5, which was released on March 5. Information on the security fixes provided in QuickTime 7.1.5, and links to obtain th
affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4.
nsider this issue to be a security vulnerability. The potential attacker has to send acknowledgement packets periodically to make server gen
  flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.
 TP Sniffer:The HTTP Sniffer is an in-build proxy server in Acunetix WVS which purpose is to analyse web traffic between a web client (brow
 issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the
ssue does not affect the versions of slocate as shipped with Mandriva Linux 2007.0 or earlier.
ssue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
ssue did not affect the versions of libgtop as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.Red Hat Enterprise Linux 5 is not vulnerable
  nux 5 is not vulnerable to this issue as it contains a backported patch.
  nux 5 is not vulnerable to this issue as it contains a backported patch.
e issues did not affect the Linux versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.




e issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, or 4.
 ssue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225414The Red Hat Security Response
nsider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and t
 Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue.
nsider this issue to be a security vulnerability. On Red Hat Enterprise Linux processes that change their effective UID do not dump core by d
nsider this issue to be a security vulnerability. It is correct and expected behavior for xterm not to zero-fill its scrollback buffer upon reception
gs would crash the display. The bug has been fixed in the following releases:PEBrowse Professional - v8.2.3PEBrowse Professional Interact
 flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash r
nsider this to be a security vulnerability. Using import_request_variables() is generally a discouraged practice and it is improper use that can
 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support.
 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include mssql support.
 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support.
 hp-snmp package as shipped with Red Hat Enterprise Linux 4 and 5 use net-snmp which is not vulnerable to this issue.
 his issue and is tracking it via the following bug:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232603The Red Hat Security Response
 his issue and is tracking it via the following bug:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233592The Red Hat Security Response







p directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an a

you are under maintenance, you have the option of upgrading to a more recent release of Razor at no cost. If you are not under maint



ared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed b




2899The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f



://www.east-tec.com




4923The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f




er executes with the privileges of the httpd child process. The PHP interpreter does not "sandbox" PHP scripts from the environment in




11A.htmlIt is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attac



 4 packages.








0074The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f


0058The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f




his issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE




7663 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f



t Enterprise Linux 2.1 shipped with a version of Samba prior to 3.0.6, but we verified by code audit that it is not affected by t
of Squid distributed with Red Hat Enterprise Linux.
ugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263

nally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped. http://bugzilla.redha

om/bugzilla/show_bug.cgi?id=161054 The Red Hat Security Response Team has rated this issue as having low security impact, a




ed in a world writable directory.




8995 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
 comprehensive and secure method to retrieve mail. In this example, the author retrieves the message directly from the mail dire






4927 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f



2681 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

HSA-2005:527: http://rhn.redhat.com/errata/RHSA-2005-527.html

9803 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f




ml Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.


0518 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f




 rise Linux packages.




2865 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
t Enterprise Linux 4 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0018.html This issue did not affect Red Hat Enterp

                                                                                           2.
  of any version of any Polopoly product, nor delivered to any of Polopoly’s customers.
 The XSS flaw that existed (the search for
 o address these. This particular exploit is not particularly serious as no sensitive or private user information is ever held w

8960 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f



ed Hat Enterprise Linux to correct these bugs.
ed Hat Enterprise Linux to correct these bugs.

om/bugzilla/show_bug.cgi?id=174026 The Red Hat Security Response Team has rated this issue as having low security impact, a



 f Red Hat Enterprise Linux 2.1, 3, or 4.
ontext (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages tha






m/bugzilla/show_bug.cgi?id=207347 The Red Hat Security Response Team has rated this issue as having low security impact, a fu
7945 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
 of Dovecot and is therefore not vulnerable to this issue.


 dhat.com/bugzilla/show_bug.cgi?id=194613 The Red Hat Security Response Team has rated this issue as having low security imp


d to store a demonstration payroll. It does not contain any sensitive user information. The file is open for view by any user by des
8302 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
7385 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f


3053 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

numeric and non-date values from being passed to the SQL queries. This fixes the problems with the pages in question. http://www.b

7900 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

x option is also described in /etc/sysconfig/syslog for those who wish to enable the -r option.
early documented in the /etc/sysconfig/syslog configuration file.
2192 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

4362 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f



2278 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f


 9857#c1 and http://www.php.net/security-note.php

3166 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

 bility that affects Red Hat Enterprise Linux 2.1, 3, or 4.




am to use a large amount of memory.
9857#c1 and http://www.php.net/security-note.php
not be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/r



 is a security vulnerability.


 4 are not vulnerable to this issue.






5826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
t Enterprise Linux 2.1, 3, or 4 to correct this issue.


8912 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
 kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a




 er has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache
 directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing
Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue.
2246 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
 ndle signed RR records.
RHBA-2006-0288.html and Red Hat Enterprise Linux 3 update 8: http://rhn.redhat.com/errata/RHBA-2006-0287.html This issue does no
  disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited.

4841 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

 hat.com/bugzilla/show_bug.cgi?id=224032 This issue did not affect Red Hat Enterprise Linux 2.1. The Red Hat Security Respon

3426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

3645 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
itable and can only cause a client crash.

 0595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

 0595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
 0595 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
pdates, along with our advisory are available at the URL below. http://rhn.redhat.com/errata/RHSA-2006-0661.html Red Hat Enterprise Li


se Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System: https://bugzilla.redhat.com/bugz
9857#c1 and http://www.php.net/security-note.php
terprise Linux 2.1


5826 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
m/bugzilla/show_bug.cgi?id=204912 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
5651 The Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future upd




9857#c1 and http://www.php.net/security-note.php




 nst NSPR and therefore is not vulnerable to this issue.

malicious server, which does not result in a denial of service condition.


 xists. There is no evidence to suggest this issue existed or was fixed in any version of portable OpenSSH.
m/bugzilla/show_bug.cgi?id=210128 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
ding this problem and agree that this issue currently poses no security threat. In the event more information becomes available,
ding this problem and agree that this issue currently poses no security threat. In the event more information becomes available,
 with a vulnerable kernel version.
9857#c1 and http://www.php.net/security-note.php


 onment. We will not be releasing an update to address this issue.
1085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
1085 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.


3515 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f

ugzilla/show_bug.cgi?id=213214 This issue does not affect Red Hat Enterprise Linux 2.1 or 3
users using versions 0.9PR and prior are recommended to upgrade their versions immediately. Users can use the following URI to download

Linux 5 is not vulnerable to this issue as it contains a backported patch.
9857#c1 and http://www.php.net/security-note.php

 ipped with Red Hat Enterprise Linux 4. We are tracking this flaw via bug 216452: https://bugzilla.redhat.com/bugzilla/show_bu


636860. It is important to specify that this is an alpha product because it is intended for testers and we already disclaim its usage i
code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
for Red Hat Enterprise Linux 3 and 4. This issue does not affect Red Hat Enterprise Linux 2.1. The Red Hat Security Response Tea
 machine. For Red Hat Enterprise Linux 3 this issue is tracked via Bugzilla #216960 and for Red Hat Enterprise Linux 4 it is tracked via Bug
g 2006. A fix for above versions has been available since that time. As of version 7.0 static pages are created - a parameter for ca
 ct Red Hat Enterprise Linux 3 or 4. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215593 The Red Hat Security Re


 2.1, 3, and 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.







ash which is not exploitable.




 d Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.




of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as i
m/bugzilla/show_bug.cgi?id=218602 This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise


 not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported p

 not affected by these vulnerabilities. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported p
 ter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario. Red Hat Enterprise Linux



  8287 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
  Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
 9857#c1 and http://www.php.net/security-note.php
 law in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its
V41 authentication method.
arbitrary code execution.

9279 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
1459 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f


3072 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue.




uickTime 7.1.5, and links to obtain the update are provided in: http://docs.info.apple.com/article.html?artnum=305149

 kets periodically to make server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The

eb traffic between a web client (browser) and a web server. By default this tool is not enabled and when enabled it accepts traffic o
 This issue also does not affect the older versions of neon included in the cadaver package.


 Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.








5414 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f
mechanism to exploit the flaw, and the result would be the ability to run code as themselves.

  effective UID do not dump core by default when they receive a fatal signal. Therefore the NULL pointer dereference does not lea
 its scrollback buffer upon reception of terminal clear escape sequence.
8.2.3 PEBrowse Professional Interactive - v8.2.4 PEBrowse Crash-Dump Analyzer - v2.6.8
 se of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with R
actice and it is improper use that can lead to security problems, not flaw of PHP itself.



ble to this issue.
603 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this fl
3592 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this f







cess chroots itself, an a

ost. If you are not under maint



, and all were addressed b




update may address this f




update may address this f




cripts from the environmentin




 connection reset an attac








update may address this f


update may address this f




update may address this f



t is not affected by t



pped.http://bugzilla.redha

ving low security impact, a




update may address this f
directly from the mail dire






update may address this f



update may address this f



update may address this f




update may address this f




update may address this f
d not affect Red Hat Enterp

hat existed (the search for
tion is ever held w

update may address this f




ing low security impact, a




eam analysed all packages tha






g low security impact, a fu
update may address this f



as having low security imp


r view by any user by des
update may address this f
update may address this f


update may address this f

ages in question. http://www.b

update may address this f



update may address this f

update may address this f



update may address this f




update may address this f




announcement, http://www.php.net/rele








update may address this f



update may address this f
e 5 do not support the a




exploited, and Apache


update may address this f

-0287.htmlThis issue does no


update may address this f

d Hat Security Respon

update may address this f

update may address this f


 update may address this f

 update may address this f
 update may address this f
0661.htmlRed Hat Enterprise Li


ugzilla.redhat.com/bugz




update may address this f

 cts to release a future upd






tion becomes available,
tion becomes available,




update may address this f
update may address this f



update may address this f


an use the following URI to download th




com/bugzilla/show_bu


eady disclaim its usage i

at Security Response Tea
rprise Linux 4 it is tracked via Bug
ated- a parameter for ca
Red Hat Security Re








le to this issue as i
th Red Hat Enterprise


ins a backported p

ins a backported p
Hat Enterprise Linux



update may address this f


DIS miniport drivers and its



 update may address this f
update may address this f


update may address this f




um=305149

ownloading the file. The

enabled it accepts traffic o








update may address this f


r dereference does not lea


 PHP as shipped with R




pdate may address this fl
update may address this f



